"Understand that you are a target, and treat every email as suspicious," Steinberg tells us. "When a computer displays an email, and tells you that someone sent you a message, treat that situation the same way you would if a human told you that another person said that you should do something – that is, with more suspicion than if you heard the message directly from the person giving the instructions."

2. Verify the source

"If an email asks you to do something that could potentially have harmful consequences, always verify that the instructions are legitimate," Steinberg advises. "So, if an email says to reset your password for a bank account – call the bank using the number on your ATM card. If an email says to take some action at work, like issue a payment to a vendor, or submit a copy of your work ID, always call the sender."

3. Monitor social media accounts

Hackers use social media to learn more about their victims.

"Do not overshare information," Steinberg says. "Criminals craft effective spear phishing emails by leveraging such information to convince their victims that a message must be legitimate."

4. Look for red flags

"For years, 'experts' advised people to spot phishing emails by looking for mistakes – spelling errors, wrong email address for the sender, incorrect formal names of organizations, grammatical mistakes, etc.," Steinberg says. "But, today, many emails are error-free. So while errors are a sign of possible phishing, folks who rely on such clues to always be present may get phished."

5. Always monitor financial and credit accounts

Check bank accounts on a regular basis. Write down all financial transactions and make sure they match your monthly statements. Don't neglect any online payment portals you use, like PayPal, Venmo, Facebook and eBay.